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Reactive systems (RSs) represent a meta-framework aimed at deriving behavioral congruences for 
those computational formalisms whose operational semantics is provided by reduction rules. RSs 
proved a flexible specification device, yet so far most of the efforts dealing with their behavioural 
semantics focused on idem pushouts (IPOs) and saturated (also known as dynamic) bisimulations. 
In this paper we introduce a novel, intermediate behavioural equivalence: L-bisimilarity , which is 
able to recast both its IPO and saturated counterparts. The equivalence is parametric with respect 
to a set L of RSs labels, and it is shown that under mild conditions on L it is indeed a congruence. 
Furthermore, L-bisimilarity can also recast the notion of barbed semantics for RSs, proposed by the 
same authors in a previous paper. In order to provide a suitable test-bed, we instantiate our proposal 
by addressing the semantics of (asynchronous) CCS and of the calculus of mobile ambients. 



1 Introduction 

Reactive systems (RSs) [12] are an abstract formalism for specifying the dynamics of a computational 
device. Indeed, the usual specification technique is based on a reduction system, comprising a set of 
possible states of the device and a relation among them, representing the possible evolutions of the de- 
vice. The relation is often given inductively, freely instantiating relatively few rewriting rules: despite its 
ease of use, the main drawback of reduction-based solutions is poor compositionality, since the dynamic 
behaviour of arbitrary stand-alone terms can be interpreted only by inserting them in appropriate con- 
texts, where a reduction may take place. The theoretical appeal of RSs is their ability to distill labelled 
transition systems (LTSs), hence, behavioural equivalences, for devices specified by a reduction system. 

The idea underlying RSs is simple: whenever a device specified by a term C[P] (i.e., a sub-term P 

C[-l 

inserted into a unary context C[— ]) may evolve to a state Q, the associated LTS has a transition P — > Q 
(i.e., the state P evolves into Q with a label C[— ]). If all contexts are admitted, the resulting semantics 
is called saturated, and the standard bisimilarity on the derived LTS is a congruence. However, it is 
unfeasible to check the bisimulation game under all contexts, and usually it suffices to consider a subset 
of contexts that guarantees that the distilled behavioural semantics is a congruence. Such a set, the 
"minimal" contexts allowing a reduction to occur, was identified in lfT2l by the notion of relative pushout: 
the resulting strong bisimilarity is a congruence, even if it often does not coincide with the saturated one. 

Several attempts have been made to encode various specification formalisms (Petri nets lfT5l l20l . 
logic programming |6j, etc.) as RSs, either hoping to recover the standard observational equivalences, 
whenever such a behavioural semantics exists (CCS [13], pi-calculus lfl4ll . etc.), or trying to distill a 
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meaningful new semantics. The results are often not fully satisfactory: bisimilarity via minimal con- 
texts is usually too fine-grained; while saturated semantics are often too coarse (the standard CCS strong 
bisimilarity is e.g. strictly included in the saturated one). As for process calculi, the standard way out of 
the empasse it to consider barbs [ 16] (i.e., predicates on the states of a system) and barbed equivalences 
(i.e., adding the check of such predicates in the bisimulation game). The flexibility of the definition 
allows for recasting a variety of observational, bisimulation-based equivalences. Indeed, the method- 
ological contribution of [5] is the introduction of suitable notions of barbed saturated semantics for RSs. 

In this paper we move one step further, and we propose a novel behavioural equivalence for RSs, 
namely, L-bisimulation: a flexible tool, parametric with respect to a set of minimal labels L. Also in this 

case the idea is very simple, and it just asymmetrically refines the standard bisimulation game. If the 

C[_] cT— 1 

minimal LTS has a transition P — > Q, then a bisimilar P has to react via a minimal transition P — > Q' , 

whenever C[— ] £ L; or it must ensure that C[P'] may evolve into Q' (thus requiring no minimality for 

C\— ] with respect to P'), otherwise. The associated bisimilarity is intermediate between the standard 

semantics (i.e., minimal and saturated) for RSs: indeed, it is able to recover both of them, by simply 

varying the set L and exploiting the so-called semi-saturated semantics. It can be proved that, under mild 

closure conditions on the set L, L-bisimilarity is a congruence; and moreover, it can be shown that barbed 

saturated semantics can be recast, as long as L satisfies suitable barb-capturing properties. 

With respect to barbed saturated semantics, L-bisimilarity admits a streamlined definition, where 
state predicates play no role. It is thus of simpler verification, and its introduction may have far reaching 
consequences over the usability of the RS formalism. However, as for any newly proposed semantics, 
its adequacy and ease of use have to be tested against suitable case studies. We thus consider a recently 
introduced, minimal context semantics for mobile ambients (MAs), as distilled in [4]; as well as two min- 
imally labelled transition systems for CCS and its asynchronous variant, reminiscent of those proposed 
in O. We show that in those cases, a set L of minimal labels can be identified, such that L-bisimilarity 
precisely captures the standard semantics of the calculus at hand. 

The paper is organized as follows. Section 2 recalls the basic notions of RSs, while Section 3 and 
Section 4 perform the same for MAs and (asynchronous) CCS, respectively. Section 5 presents the tech- 
nical core of the paper: the introduction of L-bisimilarity for RSs, the proof that (under mild conditions 
on L) it is indeed a congruence, and moreover its correspondence with barbed semantics. Finally, Sec- 
tion 6 and Section 7 prove that, suitably varying the set L, the newly defined L-bisimilarity captures the 
standard equivalences for MAs and for CCS and its asynchronous variant, respectively. 

2 Reactive Systems 

This section summarizes the main results concerning (the theory of) reactive systems (RSs) [12]. The 
formalism aims at deriving labelled transition systems (LTSs) and bisimulation congruences for a system 
specified by a reduction semantics, and it is centered on the concepts of term, context and reduction rule: 
contexts are arrows of a category, terms are arrows having as domain 0, a special object that denotes 
groundness, and reduction rules are pairs of (ground) terms. 

Definition 1 (Reactive System). A reactive system C consists of 

1. a category C; 

2. a distinguished object G |C|; 

3. a composition-reflecting subcategory D of reactive contexts; 

4. a set of pairs 91 C U/e|c| C(0,7) x C(0,7) of reduction rules. 
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Figure 1 : Redex Square and RPO 



Intuitively, reactive contexts are those in which a reduction may occur. By composition-reflecting we 
mean that d' o d € D implies d,d' GD. Note that the rules have to be ground, i.e., left-hand and right-hand 
sides have to be terms without holes and, moreover, with the same codomain. 

The reduction relation is generated from the reduction rules by closing them under all reactive con- 
texts. Formally, the reduction relation is defined by taking P Q if there is (l,r) e 9\ and d € D such 
that P = d o / and Q = dor. 

Thus the behaviour of an RS is expressed as an unlabelled transition system. In order to obtain a 

LTS, we can plug a term P into some context C[— ] and observe if a reduction occurs. In this case we 

C[-l 

have that P — >. Categorically speaking, this means that C[— ] o P matches d o / for some rule (/, r) G 9\ 
and some reactive context d. This situation is formally depicted by diagram (i) in Fig. [T] a commuting 
diagram like this is called a redex square. 

Definition 2 (Saturated Transition System). The saturated transition system (STS) is defined as follows 

• states: arrows P : —> I in C, for arbitrary I; 

C[-] 

• transitions: P —?sat Q ifC[P] Q. 

Note that C[P] stands for C[— ] oP: the same notation is used in Definitions [3] and [7] below, in order to 
allow for an easier comparison with the process calculi notation, to be adopted in the following sections. 

Definition 3 (Saturated Bisimulation). A symmetric relation is a saturated bisimulation if whenever 
P&Qthen\/C[-} 

• ifC[P] ~* P' then C[Q] ~» Q' andP'^Q'. 

Saturated bisimilarity ~ s is the largest saturated bisimulation. 

It is obvious that ~ s is a congruence. Indeed, it is the coarsest symmetric relation satisfying the 
bisimulation game on ~~» that is also a congruence. 

Note that STS is often infinite-branching since all contexts allowing reductions may occur as labels. 
Moreover, it has intuitively redundant transitions. For example, consider the term a.O of CCS. We have 

both the transitions a.O ^sat 0|0 and a.O P ^>sat P | | 0, yet P does not "concur" to the reduction. We 
thus need a notion of "minimal context allowing a reduction", captured by idem pushouts. 

Definition 4 (RPO, IPO). Let the diagrams in Fig. ^be in a category C, and let (i) be a commuting 
diagram. A candidate for (i) is any tuple {Is,e,f,g) making (ii) commute. A relative pushout (RPO) is 
the smallest such candidate, i.e., such that for any other candidate (I(,,e r ,f ,g') there exists a unique 
morphism h: 1$ —> 1$ making ( iii) and ( iv) commute. A commuting square such as diagram ( i) of Fig. ^is 
called idem pushout (IPO) if (l4,c,d,idj 4 ) is its RPO. 

Hereafter, we say that an RS has redex RPOs (IPOs) if every redex square has an RPO (IPO) as 
candidate. For a better understanding of these two notions, we refer the reader to O. 
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Definition 5 (IPO Transition System). The IPO transition system ( ITS ) is defined as follows 

• states: P : — > I in C, for arbitrary I; 

• transitions: P dor if d G D, (l,r) E !EH, arcc? f /) in Fig. ^is an IPO. 

In other words, if inserting P into the context C[— ] matches do I, and C[— ] is the "smallest" such 
context, then P evolves to d o r with label C[— ]. 

Bisimilarity on ITS is referred to as IPO-bisimilarity (~ / ). Leifer and Milner have shown that if the 
RS has redex RPOs, then it is a congruence. 

Proposition 1. Let us consider an RS with redex RPOs. Then, ~ is a congruence. 

Clearly, ~ 7 C~ S . in [2] the first author shows that this inclusion is strict for many formalisms. In 
particular, it turns out that in some interesting cases ~ 7 is too strict, while ~ 5 is too coarse. This fact 
is the reason for introducing barbed bisimilarities |[T6ll . Barbs are predicates (representing some basic 
observations) on the states of a system. For instance, in |[T6ll the authors use for CCS barbs \. a and \. a 
representing the ability of a process to perform an input, respectively an output, on channel a. 

In the following we fix a family O of barbs, and we write P \. if P satisfies o G O. 

Definition 6 (Barbed Saturated Bisimulation). A symmetric relation M is a barbed saturated bisimulation 

if whenever P & Q then VC[— ] 

• if C[P] U then C[Q] | ; 

• ifC[P] ~» P' then C[Q] -w Q' andP'&Q'. 

Barbed saturated bisimilarity ~ BS is the largest barbed saturated bisimulation. 

It is easy to see that ~ fiS is the largest barbed bisimulation that is also a congruence. 

2.1 An Efficient Characterization of (Barbed) Saturated Bisimilarity 

Since the definition of saturated bisimulation involves a quantification over all possible contexts, it is 
usually hard to (automatically) prove the equivalence of two systems. For this reason, the first author, 
with Konig and Montanari, introduced semi-saturated bisimilarity (6l . 

Definition 7 (Semi-Saturated Bisimulation). A symmetric relation & is a semi-saturated bisimulation if 

whenever P then 

• ifP Sipo P' then C[Q] ~* Q' and P'S^Qf. 

Semi-saturated bisimilarity ~ 5S is the largest barbed semi- saturated bisimulation. 

Proposition 2. Let us consider an RS with redex IPOs. Then, ~ S5 =^ S . 

Reasoning on ~ ss is easier than on ~ 5 because instead of looking at the reductions in all contexts, 
only IPO transitions are considered. 

In fl5], the authors extended this technique to barbed saturated bisimilarity. 

Definition 8 (Barbed Semi-Saturated Bisimulation). A symmetric relation £% is a barbed semi-saturated 
bisimulation if whenever P S% Q then 

• VC[-], ifC[P] U then C[Q] U 

• ifP Sfpo P' then C[Q] ~* Q' and P' S$Q[. 

Barbed semi-saturated bisimilarity ~ BSS is the largest barbed semi-saturated bisimulation. 
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Proposition 3. Let us consider an RS with redex IPOs. Then, ~ Bii =~ fii . 

Also in this case, it is more convenient to work with instead of Even if barbs are still 
quantified over all contexts, for many formalisms (as for MAs) it is actually enough to check if P \. 
implies Q \. , since this condition implies that VC[— ], if C[P] l„ then C[Q] | . Barbs satisfying this 
property are called contextual barbs. 

Definition 9 (Contextual Barbs). A barb o is a contextual barb if whenever P | implies Q | then VC[— ], 
C[P] lo implies C[Q] ], . 



3 Mobile Ambients 

In this section we first introduce the finite, communication-free fragment of mobile ambients (MAs) [[Sj 
and its reduction semantics. Then, we recall the IPO transition system for MAs presented in H. 

Fig. [2] shows the syntax of the calculus. We assume a set JV of names ranged over by m,n,u, 

Besides the standard constructors, we include a set {X,Y, . . .} of process variables and a set {x,y, . . .} 
of name variables. We let P, Q,R, . . . range over the set of pure processes, containing neither process 
nor name variables; while P £ ,Q e ,R e , ■ ■ ■ range over the set of well-formed processes, i.e., such that no 
process or ambient variable occurs twice. 

Intuitively, an impure process such as x[P]|X represents an underspecified system, where either the 
process X or the name of the ambient x[—] can be further instantiated. These extended processes are 
needed later for the presentation of the LTS. We use the standard definitions for the set of free names of a 
pure process P, denoted by fn(P), and for a-convertibility, with respect to the restriction operators (vn). 
We moreover assume that fn(X) = and fn(x[P]) = fn(P). We also consider a family of substitutions, 
which may replace a process/name variable with a pure process/name, respectively. Substitutions avoid 
name capture: for a pure process P, the expression (vn)(vm)(X\x[0]){ m / x ,' /x} corresponds to the 
pure process (vp)(vq)(n{P]\m[0]), for names p,q {m}U fn(n[P]). 

The semantics of the calculus exploits a structural congruence, denoted by =, which is the least 
equivalence on pure processes that satisfies the axioms in Fig. [3] The reduction relation, denoted by -w, 
describes the evolution of pure processes. It is the smallest relation closed under the congruence = and 
inductively generated by the set of axioms and inference rules in Fig. |4] 

As already said, a barb o is a predicate over the states of a system, with P | denoting that P satisfies 
o. In MAs, P l n denotes the presence at top-level of an unrestricted ambient n. Formally, for a pure 
process P, P ],„ if P = {vA){n [Q] \R) and n ^ A, for processes Q and R and a set of restricted names A. 

Definition 10 (Reduction Barbed Congruences |[T8l ). Reduction barbed congruence ~ MA is the largest 
symmetric relation 3% such that whenever P & Q then 

• ifP-ln then Q \, n ; 

• ifP-^P' then Q~>Q' and P' St Q'; 
. VC[-],C[P]&C\Q]. 

A labelled characterization of the reduction barbed congruence over MAs processes was first pre- 
sented by Rathke and Sobocihski in [18], and then by the authors of this paper in Q. In the latter we 
exploit the notion of barbed saturated bisimilarity over RSs that is able to capture the behavioural seman- 
tics for MAs defined above. Moreover, we give an efficient characterization of such a semantics through 
the IPO transition system presented in the next section, and the semi-saturated game. 
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P ::= 0,n{P],M.P, (vn)P,Pi\P 2 ,X,x[P] M ::= in n,out n,open n 



Figure 2: (Extended) Syntax of mobile ambients. 



ifP = (2thenP|fl = 


Q\R 


P|0 = P 


ifP = gfhen (vn)P 


= (vn)Q 


(vn)(vm)P = (vm)(vn)P 


ifP = 2then«[P] = 


n[Q] 


(vn)(P\Q)=P\(vn)Q i£n$fn(P) 


ifP = Q then M.P = 


M.Q 


(vn)m[P] = m[(vri)P] iin^m 


P\Q = Q\P 




(vn)M.P = M. (vn)P if n £ fn{M) 


(P\Q)\R = P\(Q\R) 




{vn)P={vm){P{ m / n }) if mi fn(P) 




Figure 3: 


Structural congruence. 


n[in m.P\Q]\m[R] -w m[n[P\Q}\R] 


if P ~* Q then (vn)P ~* (vn)Q 



m n out m.P\Q]\R] ~> n[P\Q]\m[R] if P~* Qthenn[P] ~^n[Q] 

openn.P\n[Q] -w P\Q ifP~» 2thenP|P-> <2|P 

Figure 4: Reduction relation on pure processes. 

An ITS for Mobile Ambients. Here we present the ITS M for MAs proposed in [4]. The inference 
rules describing this LTS are obtained from an analysis of a LTS over (processes as) graphs, derived by 
the borrowed context mechanism ifTOll . which is an instance of the theory of RSs EJJ. The labels of 
the transitions are unary contexts, i.e., terms of the extended syntax with a hole — . Note that they are 
minimal contexts, that is, they represent the exact amount of context needed by a system to react. We 
denote them by C e [— ]. The formal definition of the LTS is presented in Fig. [5] 

The rule Tau represents the T-actions modeling internal computations. Notice that the labels of the 
transitions are identity contexts composed of just a hole — , while the resulting states are pure processes. 

The other rules in Fig. [5] model the interactions of a process with its environment. Note that both 
labels and resulting states contain process and name variables. We define the LTS Mj for processes over 
the standard syntax of MAs by instantiating all the variables of the labels and of the resulting states. 

C[-] 

Definition 11. Let P, Q be pure processes and let C[— ] be a pure context. Then, we have that P — >Mj Q 

Q[— ] 

if there exists a transition P >m Q e and a substitution o such that Q E o = Q and C e [— ]a = C[— ]. 

In the above definition recall that substitutions replace process variables by pure processes and that 
they do not capture bound names. 

The rule Open models the opening of an ambient provided by the environment. In particular, it 
enables a process P with a capability open n at top level, for n G fn{P), to interact with a context 
providing an ambient n containing some process X\. Note that the label — \n[X\] of the rule represents 
the minimal context needed by the process P for reacting. The resulting state is the process over the 
extended syntax (vA)(P] \X\ \Pi), where X\ represents a process provided by the environment. Note that 
the instantiation of the process variable Xi with a process containing a free name that belongs to the 
bound names in A is possible only a-converting the resulting process (vA) (Pi |Xi \Pi) into a process that 
does not contain that name among its bound names at top level. 

The rule CoOpen instead models an environment that opens an ambient of the process. The rule 
InAmb enables an ambient of the process to migrate into a sibling ambient provided by the environment, 
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(Tau) 



(IN) 



P^Q 

P=(yA)(m m.Pi\P 2 ) m^A 
5 4(vA)m[x[P 1 tP 2 |Xi]|Z 2 ] 



(InAmb) 



(Coin) 



P=(vA)(n[in m.P,\P 2 ]\Pi) m^A 
P- l ^(vA)(m[«[P 1 |P 2 ]|X,]|P 3 ) 

P=(v4)(m[Pi]|P 2 ) m^A 

— \x\in m.Xt\X 2 \ / , , r r 

'-- ~4(vA) (m[x[Xi \X 2 ] |P, ] IP,) 



(Out) 



P=(vA)(out m.P\\P 2 ) m^A 
"^^AvA)(m[X 2 \W x \Hm 



(OutAmb) 



P={vA)(n[out m.Pi|P 2 ]|P 3 ) m^A 
y»H*ll (vA) (m[/ , 3 j„ [Pl |p 2]) 



(Open) 



P=(yA)(open n.P\\P 2 ) n$ 

pS^wm) 



(CoOpen) 



P=(vA)(n[Pi]|P 2 ) njA 

— \open n.X, . ... . 

P- 1 4(vA)(P 1 |X,|P 2 ) 



Figure 5: The LTS M. 



while in the rule In both ambients are provided by the environment. In the rule ColN an ambient 
provided by the environment enters an ambient of the process. The rule OutAmb models an ambient of 
the process exiting from an ambient provided by the environment, while in the rule Out both ambients 
are provided by the environment. 



4 On Synchronous and Asynchronous CCS 

This section introduces the ITSs for CCS and for its asynchronous variant. For the sake of space, we 
do not present the standard CCS, while we indeed recall the syntax and the semantics of Asynchronous 
CCS (ACCS). We then show an ITS for both CCS and ACCS: the former was introduced in 0, while 
the latter is original. Finally, we show that the IPO-bisimilarity coincides with the ordinary bisimilarity 
for CCS; while IPO-bisimilarity is strictly contained in asynchronous bisimilarity. 



Asynchronous CCS. Differently from synchronous calculi, where messages are simultaneously sent 
and received, in asynchronous communication the messages are sent and travel through some media 
until they reach destination. Thus sending is non blocking (i.e., a process may send even if the receiver 
is not ready to receive), while receiving is (processes must wait until a message becomes available). 
Observations reflect the asymmetry: since sending is non blocking, receiving is unobservable. 

Here we shortly introduce the finite fragment of ACCS. We adopt a presentation reminiscent of 
asynchronous % \ 1 ] that allows the non deterministic choice for input prefixes (a feature missing in 0[9]]). 

Fig. [6] shows the syntax of the calculus. We assume a set jV of names ranged over by a,b,c, As 

for MAs, we included a set {X, Y, . . .} of process variables. These are needed for the presentation of the 
LTS in Fig. 11 We let P, Q,R, . . . range over the set of pure processes, containing no process variables. 
Substitution of process variables is defined analogously to MAs. Note that here we let M,N,0,... range 
over the set of summation, while in MAs we used those symbols for capabilities. 

The main difference with respect to the standard CCS |[T3l is the absence of output prefixes. The 
occurrence of an unguarded a indicates a message that is available on some communication media named 
a, and it disappears whenever it is received. 
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P::=M,X, a, (va)P, P X \P 2 M::=0, T.P, a.P, M y +M 2 



Figure 6: (Extended) Syntax of Asynchronous CCS. 



HP = QthenP\R=Q\R 


P|0eeP 


if P = Q then (va)P = (va)Q 


(va)(W?)P = (v6)(va)P 


if P = Q then T.P = T.<2 


(va)(P|Q) = P|(va)Q if a i fn(P) 


if P = Qthen a.P = a.Q 


M+N=N+M 


i£M = N then M + O = N + 


{M + N) + = M + (N + 0) 


P\Q = Q\P 


M + = M 


(P\Q)\R = P\(Q\R) 


{va)P={vb){P{ b / a }) if b£fn(P) 


Figure 7: 


Structural congruence. 


(a.P + M)|a-wP 


if P 2 then (va)P ~> (va)<2 


T.P + M-wP 


if P-> gthenPjP^ Q\R 



Figure 8: Reduction relation on pure processes. 

a.P + M-^P ifP A gthen (va)P A (va)Q i£a£n(jl) 

t.P + mAp ifP AgthenP|P A g|P 

aAO ifP Ap andg AQi thenP|2 AplQi 



Figure 9: Labelled transition system. 

Structural equivalence (=) is the smallest congruence induced by the axioms in Fig. [7] The behaviour 
of a process P is then described as a reaction relation (~») over processes up to =, obtained by closing 
the rules in Fig. [8] For ACCS, there exists also an interactive semantics expressed by an LTS. This is the 
transition relation over processes up to =, obtained by the rules in Fig. [9] Here we use jj, to range over 
the set of labels {i,a,a \ a G JV}. The names of fi, denoted by n(ju), are defined as usual. 

The main difference with respect to the synchronous calculus lies in the notion of observation. Since 
sending messages is non-blocking, an external observer can just send messages to a system without 
knowing if they will be received or not. For this reason receiving should not be observable and thus 
barbs take into account only outputs. Formally, P \. a if there exists process Q such that P A Q. This is 
reflected in the notion of asynchronous bisimilarity OX 

Definition 12 (Asynchronous Bisimulation). A symmetric relation & is an asynchronous bisimulation if 

whenever P S%Q then 

• ifP A P' then Q^Q' and P'MQ', 

• ifP A P' then Q A Q' and P'@Q!, 

• ifP A P' then either Q-^Q' andP'&Q' or Q A Q' andP'&Q'\a. 

Asynchronous bisimilarity ~ A is the largest asynchronous bisimulation. 

For example, the processes a.a + T.O and T.O are asynchronous bisimilar. If a.a + T.O A a, then 
T.O A and clearly a ~ A 0\a. 
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(TAU) 



(Rev) 



(Snd) 



P={vA){g.Q+M\R) g^A 
P^(yA)(Q\R\X{] 

P=(yA)(g.Q+M\R) g£A 
P=J^(vA)(Q|i?|X 1 ) 



Figure 10: The LTS C 



(TAU) 



P^Q 
P^Q 



(Rev) 



P=(yA)(g.Q+M\R) g^A 
P^H(vA)(Q\R) 



(Snd) 



P={vA)(g\Q) g^A 
P--^(vA)(Q\X l ) 



Figure 11: The LTS A 



An ITS for CCS. In |3], the first and the second author together with Konig derived an ITS for the 
ordinary CCS by employing the borrowed context mechanism ifTOl . 

Fig.[lO]shows the LTS C. The labels of C are minimal contexts, i.e., they represent the exact amount 
of context needed by a process to react. The reactive semantics of CCS (denoted by ~~>) can be found in 
lfT4l . Note that both the labels and the resulting states contain the process variable Xi. For the sake of 
space, we avoided to report here the (extended) syntax of CCS: this is just the ordinary syntax of CCS, 
together with process variables (analogously to MAs and ACCS). 



Following Definition 1 1 for MAs, we define the LTS C/ for processes over the standard syntax by 
instantiating the process variable of the labels and of the resulting states. 

Now let us consider the rule Rev. If a process is ready to receive on some unrestricted channel a, 
then an interaction takes place whenever it is embedded in an environment of the shape — |aX|j] Recall 
that the instantiation of the process variable Xi with a process containing a free name that belongs to the 
bound names in A is possible only a-converting the resulting process (y A)(Q\R\X\) . 

Hereafter we use A (with \i G {T,a,d \ a 6 ^V}) to denote the ordinary LTS of CCS |[T3ll . By 

T — CI 

comparing the latter with the LTS C, it is easy to see that P — > Q if and only if P — > Q. Moreover P — > Q 

iff P —-4 Q\Xi and P A Q iff P —-4 Q\X { . From these facts, the main result of [3 ] follows: the ordinary 
bisimilarity of CCS (denoted by ~ ccs ) coincides with IPO bisimilarity. Instead, saturated bisimilarity is 
too coarse: the (recursive) processes P = rec z x.z and P |a.O are e.g. saturated bisimilar. 



An ITS for ACCS. Following [3 ], we propose an ITS for ACCS. Fig. [TT] shows the LTS A. The LTS 



A/ is defined by instantiating the process variable of the labels and of the resulting states. 

The main difference between A and C is in the rule Rev: since outputs have no continuation in 
ACCS, then the process variable Xi (that occurs in C) is not needed in A. 

It is easyto see that also for ACCS there is a close correspondence between the ordinary LTS seman- 
tics (in Fig. 9 1 and A: P A Q iff P A Q, P A Q iff P ^> Q and P A Q iff P ^A' Q\X V 

However, in the asynchronous case, IP(>bisimilarity is too fine grained. Indeed, the processes a. a + 
T.O and T.O are asynchronously bisimilar, but they are not IPObisimilar. In the next section we will 
introduce a new semantics for RSs that generalizes both ~ CC5 and ~ A . 

'The LTS derived in [3 1 slightly differs from C. Besides dropping some not-engaged transitions (i.e., transitions that do not 
play any role in the notion of bisimulation), we simplified the labels for SND and Rev: these were, respectively, — \a.X\ +M\ 
and — \a.X\ +M\ for Mi a summation variable. Since these variables do not occur in the resulting states, they also play no role 
in the derived bisimilarity, and thus we avoided to consider them in the labels. 
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5 A New Semantics for Reactive Systems: L-Bisimilarity 

As shown in Section [4j IPO-bisimilarity coincides with the ordinary bisimilarity in the case of CCS. 
However, for many interesting calculi, such as MAs and ACCS, it is often too fine-grained. On the other 
side, as recalled above for CCS, saturated bisimilarity is often too coarse. 

In this section we introduce L-indexed bisimilarity (shortly, L-bisimilarity), a novel kind of bisimilar- 
ity parametric with respect to a class of contexts (also referred to as labels) L. For each class L satisfying 
some closure properties, the new equivalence ~ L is a congruence and ~ 7 C~ L C~ S . 

Intuitively, L-bisimulations can be thought of as something in between IPO-bisimulations and semi- 

c[-i c[-] 

saturated bisimulations: if C[— ] belongs to L, then Q must perform Q —>ipo whenever P —>ipo (as in the 
IPO-bisimulation), otherwise C[Q] ~» (as in the semi-saturated bisimulation). 

Definition 13 (L-Bisimulation). Let Lbe a class of contexts. A symmetric relation & is an L-bisimulation 

if whenever P S% Q then 

ifpS [ ip ] oP'then{ Q^woQ'andP'^Q', ifC[-]eL; 

[ C[Q] ~» Q' andP'&Q', otherwise. 

L-bisimilarity ~ L is the largest L-bisimulation. 

It is easy to note that ~ L generalizes both ~ 7 and ~ 55 (and thus Indeed, in order to characterize 
the former, it is enough to take as L the whole class of contexts, while to characterize the latter, we take 



as L the empty class. In Section 5.1 we will show that for some L, L-bisimilarity also coincides with 
barbed saturated bisimilarity. In the remainder of this section, we show that ~ L is a congruence. In order 
to prove this, we have to require the following condition on L. 

Definition 14. Let L be a class of arrows of a category. We say that L is IPO-closed, if whenever the 
following diagram is an IPO and b £ L, then also c E L. 




It is often hard to prove that a class of contexts is IPO-closed. It becomes easier with concrete 
instances of RSs that supply a constructive definition for IPOs, such as bigraphs and borrowed contexts. 

Proposition 4. Let us consider a RS with redex RPOs and an IPO-closed class L of contexts. Then, ~ L 
is a congruence. 






(/) (ii) (Hi) 
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Proof. In order to prove this theorem we will use the composition and decomposition properties of IPOs, 
namely Proposition 2.1 and Proposition 2.2 of JT21 . We have to prove that if P ~ L Q then C[P] ~ L C[Q\. 
We show that M = {(C[P],C[Q]) s.t. P ~ L Q} is an L-bisimulation. 

Suppose that C[P] -4/po P' ■ Then there exists an IPO square like diagram (i) above, where (L,R) G 9^, 
D[—] G D and P' = D[R]. Since, by hypothesis, the RS has redex RPOs, then we can construct an RPO 
as the one in diagram (ii) above. In this diagram, the lower square is an IPO, since RPOs are also 
IPOs (Proposition 1 of ITT21 ). Since the outer square is an IPO and the lower square is an IPO, by IPO 
decomposition property, it follows that also the upper square is an IPO. 

yr_] 

Since D is composition-reflecting, then both D\ [—] and ~D 2 \— ] belong to D, and then P — >jpo D\ [R]. 
Now there are two cases: either /[— ] G L or /[— ] ^ L. 

If J[—] G L, then also J'[—] G L, because L is IPO-closed, by hypothesis. Since P ~ L Q, then Q — )-/po 
Q" and Di [R] ~ L Q". This means that there exists an IPO square like the lower square of diagram (iii) 
above, where (L',R'} G E[—] G D and E[R] = Q". Now recall by the previous observation that the 
upper square of diagram (iii) is also an IPO and then, by IPO composition, also the outer square is an 

IPO. This means that C[Q] 4/p D 2 [Q"}. Since D { [R] ~ L Q", then P' = D[R] = D 2 [Di [R]} & D 2 [Q"}. 

/r_i 

If /[— ] ^ L, then either /[— ] G L or /'[-] g L. In both cases, from P -)-/po d i[R] we derive that 
J'[Q] ~» Q" an d D\ [R] r^ L Q". This means that the lower square of diagram (iii) above commutes. Since 
also the upper square commutes, then also the outer square commutes. This means that C[Q] ~~» D 2 [Q"]. 
Since D { [R] ~ L 2", then P' = D[R}= D 2 [D x [R]\ & D 2 [Q"] . □ 



5.1 Barbed Saturated Bisimilarity via L-bisimilarity 

Here we show that L-bisimilarity can also characterize barbed saturated bisimilarity, whenever the family 
of barbs and the set of labels L satisfy suitable conditions. This result will be used in later sections in 
order to show that L-bisimilarity captures the correct equivalences for MAs and ACCS. 

In order to guarantee that ~ L G~ B5 , we need some conditions ensuring that the checking of barbs of 
~ B5 is already done in ~ L by the labels in L. 

Definition 15. Let L be a set of labels and let O be a set of barbs. We say that L is O-capturing if for 

c[-] 

each barb o there exists a label C[—\ G L such that for each process P, P \. Q if and only ifP -^jpo P'- 

The next two definitions are needed to ensure that ~ BS C~ L . 

Definition 16. Let M be a relation and let £P(X,Y) be a predicate on processes. We say that £P(X,Y) 
is stable under S% if whenever P0£Q and &(P,P') there exists Q' such that 0>(Q, Q') and P'MQ'. 



For example, the predicates in Fig. 12 and Fig. 13 are stable under ~ BS . 

Definition 17. Let M be a relation and let C[— ] be a label. We say that C[— ] is stable under if the 

c\— i 

predicate &(X,Y) =X — >ipo Y is stable under 

We can finally state a first correspondence result. 

Proposition 5. Let us consider an RS with redex RPOs, a set O of contextual barbs and a set L of labels. 
IfL is O-capturing and its labels are stable under ~ BS , then ~ BS coincides with ~ L . 

Proof. In order to prove that ~ B5 G~ L , we show that 3% = {(P, Q) s.t. P ~ B5 Q} is an L-bisimulation. 
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Suppose that P -+ IP0 P' . We have two cases: either C[-} G L or C[-] £ L. If C[-] G L, then C[-] 

c\—\ 

is stable under ~ BS and thus, since P ~ BS 2, 2 -^/ P0 Q' and P' ~ B5 2'. For the case that C[-\ g L, it is 

enough to note that, since P -$fpo P then C[P] ~* P' . Since P ~ BS Q, then C[g] ~» 2' and P' ~ BS 2'- 
Now we show that M = {(P, Q) s.t. P ~ L 2} is a barbed semi- saturated bisimulation (i.e., ~ L c.~ BSS ) 

and thus, since the RS has redex IPOs, by Proposition [3] it follows that ~ L C~ BS . 

At first, we note that, since O is a set of contextual barbs, in order to show that & satisfies the first 

condition of Definition [8] it suffices to show that P \. implies Q ], . Since L is Ocapturing, if P ], then 

c{— ] c\— ] 

there is a label C[— ] G L such that P | if and only if P —tipo- Since P ~ L 2, then also 2 — >ipo an d 2 lo- 
in order to prove the second condition of Definition [sj it is enough to note that if P ^' then, for 
either C[-] G L or C[-] ^ L, C[Q] *** Q' with P' ~ L 2'- □ 

As a corollary of the previous definition, we obtain the following property that allows to check 
whenever IPO-bisimilarity coincides with barbed saturated one. 

Lemma 1. Let us consider an RS with redex IPOs and a set O of contextual barbs. If the set of all labels 
is O-capturing and each label is stable under ~ BS , then ~ 7 coincides with ~ B5 . 



6 L-Bisimilarity for Mobile Ambients 

This section proposes a new labelled characterization of the reduction barbed congruence for MAs, 
presented in Section [3] In particular, by using the ITS Mj (also in Section [3]) we define an L-bisimilarity 
that captures barbed saturated bisimilarity for MAs, coinciding with reduction barbed congruence. 

Proposition 6 (see [5], Theorem 3). Reduction barbed congruence over MAs coincides with barbed 
saturated bisimilarity ~ BS . 

As shown in Section |5.1| we can characterize barbed saturated bisimilarity on a set of contextual 
barbs O through the IPO transition system and a set of labels L. In particular, as required by Proposition 
[5j the set L must be O-capturing and each C[— ] G L must be stable under the barbed saturated bisimilarity. 

We denote by M the set of barbs of MAs, recalling that MAs barbs are contextual barbs lIBl . 

Proposition 7 (see | 5 ], Proposition 6). M is a set of contextual barbs. 

Therefore, we can characterize reduction barbed congruence over MAs by instantiating Defini- 



tions 



13 with the ITS Mi and a set L of labels having the two properties said above. 
First of all, we find some labels of Mi that capture the barbs of MAs. This ensures that the checking 
of barbs of the barbed saturated bisimilarity is done in the L-bisimilarity by the first condition of its 
definition. It is easy to note that a MAs process P observes a unrestricted ambient n at top-level, in 
symbols P \. n , if and only if it can execute a transition labelled with — \open n.T\ or with —\m[in n.T\\T2\. 
Therefore, L is M -capturing if it contains at least one kind of these labels. We choose to consider labels 
of the first type, that is, having the shape — \open n.T\, for n ambient name and T\ pure process. 

It is possible to prove that these labels are stable under Therefore, if we consider the set L 
defined below, we obtain an L-bisimilarity for MAs that is able to characterize r- KS 



M 



Proposition 8. Let Lm be the set of all labels of the ITS M\ having the shape — \open n.T\,forn ambient 
name and T\ pure process. Then, Lm is O M -capturing. 
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0>-\open n.Tx g^y) gp// and m ^ y„pQ s t p" | m ,C"[X] ~» P" **> Y and F 
with C[— ] = — \open n.(m[0]\open m.T\) 



Figure 12: Predicate for the label — \open n.T\. 

Proof. We have to show that for each barb n G M there exists a label C[— ] G Lm such that for each 

C[-l 

process P, P |„ if and only if P — >m, P ■ 

It is easy to note that, given a barb n £ M , we, have that for each process P, P |„ if and only if 

P l open n T \ Mi p\ with T\ pure process. Since we know that Lm contains all labels having the shape 
— \open n.T\, for n ambient name and 7\ pure process, we can conclude that Lm is M -capturing. □ 

Now, in order to prove that each C[— ] G Lm is stable under we exploit a predicate such that it is 



17 



stable under ~f s and equivalent to the one of Definition 
Lemma 2. Let &-\ P en n - Tl (X,Y) be the binary predicate on MAs processes shown in Fig. 12 for n 



ambient name and 7\ pure process. Then, @>-\°P en nT ^ (X,Y) is stable under and for each P and P', 

0>-\open n.T, (p^p/) {f Qnd m j y if p Hggg nJ \ ^ p, 

Proof. We begin by proving that the predicate @>-\°P en n T i (X,Y) is stable under ~f s . 

Assume that P Q and @>-\°P en n T > (P,P ; ) holds. Since &>-\°P en (pp') holds, then there exists 
a process P" and an ambient m fresh for P and Q, such that C'[P] ~* P", P" | m , P" ~* P' and P' J4, with 
C'[— } = —\open n.(m[0]\open m.T\). 

Since C'[P] P" and P 2, then C'[Q) ~* Q" and P" 2". Therefore, it is obvious that 
also Q" l, n . Now, we know that P" ~* P', hence we can say that 2" g' and P' 2'. From this 
follows that, since P' J/ m , then also 2' J/ m . So, we can conclude that ^>-\°P enn - Tl (Q,Q') holds, hence 

0>-\open n.T, Q^y) ^ stable under ^ 

Now we show that for each P and P', ^H P e " »- r i (P,P') iff P H ° pCT "^' Mj P'- 

Assume that ^-|°P en " T i (P,P') holds. This means that there exists a process P" and an ambient m 
fresh for P, such that C'[P] P", P" | m , P" ~* P' and P' ]/ m , with C'[-] = -|open n.(m[0]\open m.Ti). 
The fact that C'[P] ~~» P" and P" J, m means that the capability open n has been executed, hence there must 
be a unrestricted ambient n at top-level of P, i.e., P = (vA)(n[Pi]|P 2 ) and n A. From this follows that 
P" = (vA)(Pi\P 2 )\m[0]\open m.T u and since P' J4, then P' = (vA)(Pi|P 2 )|7i. Moreover, by knowing 

that P = (vA) (n[Pi] |P 2 ) and g" A, we can conclude that P ~ |ope " nJ \ Ml P'. 

Assume that P ~ |op£ " " T > P'. This means that P = Q, where g = (vA)(n[Pi]|P 2 ), n A and P' = 
(vA)(Pi |P 2 )|Pi. We consider the context C'[— ] = — \open n.(m[0]\open m.T\) with m g" fn(P). It is easy 
to note that C [Q] ~»P" s.t. P" = (vA)(Pi|P 2 )|m[0]|o/^7i m.P, andP"| m . Therefore, since C [P] =C'[Q], 
we also have that C'[P] ~» P". Now, we can note that P" -w P' and, since m is fresh for P, P' J4,. □ 

Proposition 9. All labels in Lm are stable under 

The proof of the proposition above trivially follows from Lemma [2| 
We finally introduce the main characterization proposition. 

Proposition 10. ~f 5 =~ iiW . 
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Proof. First of all, by Proposition [7} we know that MAs barbs are contextual. Moreover, by Propositions 
we know that L is M -capturing and it contains only labels that are stable under Therefore, 
thanks to Proposition [5] we can conclude that ~f s =~ LM . □ 

The L-bisimilarity ~ Lm presented above is not the only one which is able to characterize barbed 
saturated bisimilarity For example, as said before, we can choose to consider all labels of the 

shape — \m[in n.T\\T2\: besides being able to capture MAs barbs, they are also stable under ~ BS . How- 
ever, generally, we can consider the sets L containing at least all the labels of the shape — \open n.T\ or 
— \m[in n.T\\T^\ to capture barbs, and other labels of Mj that are stable under ~f s , i.e., labels such that it 
is possible to define a predicate analogous to the one we defined for the labels — \open n.T\. 



7 L-Bisimilarity for (Asynchronous) CCS 

Section|4]has shown that IPO-bisimilarity coincides with the ordinary bisimilarity of CCS (~ CC5 ), while 
it is strictly contained in asynchronous bisimilarity. In this section, we first show that L-bisimilarity gen- 
eralizes both cases and then we prove that these also coincide with their barbed saturated bisimilarities. 

L-Bisimilarity for Asynchronous CCS. In asynchronous bisimulation (Definition [12]), transitions la- 
belled with T and d (corresponding to — and — \a.T\ in Aj, respectively) must be matched by transitions 

with the same labels. Moreover, when P A- P' (corresponding to P — > P' in Aj) then either <2 A Q' and 
P'&Q' or Q A Q' and P'&Q'\d. This is equivalent to require that Q\a -> Q' and P'MQ'. Thus, in order 
to characterize ~ A as L-bisimilarity, it suffices to choose as L the set of labels corresponding to z and a. 

Proposition 11. Let La be the set containing the labels of the ITS Aj of the shape — and — \a.Ti, for a 
channel name and T\ pure process. Then, ^ La =^ a . 

L-Bisimilarity for CCS. Since IPO-bisimilarity coincides with ~ CC5 5 i n order to characterize ~ ccs as 
L-bisimilarity, it is enough to include all the IPO-labels into L. 

Proposition 12. Let Lccs be the set containing all the labels of the ITS Q. Then, ~ icc ' s =~ ccs . 



From L-Bisimilarity to Barbed Saturated Bisimilarity. It is important to note that the choice of Lccs 
andL^ is not arbitrary. Indeed, in both cases, ~ Lc « and ~ La coincide with barbed saturated bisimilarities. 
This is not a new result, but it is interesting to see that it can be easily proved by following the same 
approach that we have used for MAs in Section [6j 

For the synchronous case, barbs are defined as P J. a if and only if P — > Q and P J, a if and only 
if P —?■ Q. Since Lccs contains the labels — \a.T\ and — \a.T\ (corresponding to a and a in the ordinary 
LTS), then Lccs is Dar b capturing. 

It is also easy to see that the barbs are contextual. Then, in order to use Proposition [5] we only have 
to prove that all the labels in Lccs are stable under barbed congruence. Analogously to MAs, we define 

some additional predicates. These are shown in Fig. [13] It is easy to see that for each label C[— ], X Y 
in Ci if and only if & c \~\ (X, Y). It is also easy to show that all of them are stable under 

For the asynchronous case, recall that La only contains labels of the form — and — \a.T\ (corre- 
sponding to labels % and a in the ordinary LTS). Since only output barbs ^ are defined, then La is barb 
capturing. In order to prove that each label in La is stable under ~ BS we can use for — and — \a.T\ the 
predicates that we have used in the synchronous case (Fig. 13 ). 
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^f-\m(x t Y) 3P> and i £ fn(X) s.t. P' | ^and X|a.(il7i)|i ~* F •** Y 

^-\ a - Tl (X,Y) 3P' mdi(£fn(X) s.t. P' j J and X\a.(J\T{)\i ~> P' *** Y 

&~(X,Y) X-^Y 

Figure 13: Predicates for CCS 
It is worth noting that labels of the form — \a are not stable under Indeed, we cannot adopt the 



predicate used in the synchronous case (the first in Fig. 13 1, since outputs have no continuation in ACCS. 



8 Conclusions and future work 

The paper introduces a novel behavioural equivalence for RSs, namely, L-bisimulation: a flexible tool, 
parametric with respect to a set of labels L. The associated bisimilarity is proved to be a congruence, 
and it is shown to be intermediate between the standard IPO and saturated semantics for RSs: indeed, it 
is able to recover both of them, by simply varying the set of labels L. More importantly, also the more 
expressive barbed saturated semantics can be recast, as long as the set L satisfies suitable conditions. 

As for any newly proposed semantics, its expressiveness and ease of use have to be tested against 
suitable case studies. We thus considered a recently introduced IPO transition system for MAs, and two 
other IPO transition systems for CCS and its asynchronous variant. We show that in all those cases, for 
a right choice of L, L-bisimilarity precisely captures the standard semantics for the calculus at hand. 

We can foresee three immediate extensions of our work. First of all, we would like to precisely un- 
derstand the notion of IPO-closedness, which is required for the set of labels L, in order for L-bisimilarity 
to be a congruence. It would be important to establish suitable and more manageable conditions under 
which a set of arrows of a given category satisfies that property, especially for those RSs where IPOs 
have an inductive presentation (such as for those induced by the borrowed context mechanism). 

Moreover, we would like to further elaborate on the connection between L-bisimilarity and barbed 



semantics, moving beyond the preliminary results presented in Section 5.1 As a start, in order to estab- 
lish conditions ensuring that barbs satisfy the pivotal property of being contextual; and, more to the point, 
for checking whenever a set of labels is barb capturing and contains only labels stable under barbed sat- 
urated bisimilarity. As far as the specific MAs case study is concerned, most of the IPO labels occurring 
in our transition system are indeed stable, i.e., the relative labelled transitions can be characterized by 
a predicate which is stable under the barbed saturated bisimilarity. The only labels that are not stable 
are the ones of the shape — \m[P) and m[— \P] of the rule InAmb and OutAmb, respectively. It seems 
intriguing that those same labels required the introduction of so-called Honda-Tokoro inference rules 
in |[T8l for capturing the reduction barbed congruence by means of standard bisimilarity. 

Finally, we remark that so far in our methodology the choice of the "right" set L, as well as the 
identification of a meaningful set of barbs, is left to the ingenuity of the researcher. We would like to 
devise a general theory that relying only on the syntax of the calculus at hand and on the associated 
reduction semantics might allow to automatically derive either a suitable family of barbs or some kind 
of basic set of observations, along the lines of the proposals in JTT1IT71IT91 . 
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